September 25, 2017 | Lea White
Every day thousands of people fall victim to phishing attacks. A quick glance in my personal email shows three phishing emails that came in today. In one, I have a package that is due to be delivered and I need to check and verify the detail. In another (from what appears to be from my bank and addressed to me personally), there is a major issue on my account and if I don't click on the link right now to verify my details, it will be deactivated. And of course, the typical one where somebody feels generous enough to share their fortune with me, providing I confirm some personal details. Now while my email account is pretty good at filtering most of those emails, some of them still slip through and more so because they can look incredibly legitimate. I personally know a number of people who have fallen victim and lost a lot of money in the process.
According to Shearwater Solutions statistics, roughly 70% of employees would open a spear phishing email, and 35% would click on the embedded link. With the WannaCry and Petya ransomware attacks still fresh in our minds, having staff able to actively look out for some of the typical phishing features is important in helping to protect an organisation against such threats.
Previously we shared some updates to the Phriendly Phishing Awareness Training based on customer feedback. What makes Phriendly Phishing great is that it is designed for all staff, irrespective of their technical knowledge, it is cloud-based and designed to work on any device. It will help you understand your organisation's phishing risk, educate your staff and nurture awareness.
Through several deployments we have seen click rates from 15% to 70% on initial baseline testing but these decrease dramatically after users go through the training.
With a number of new staff who recently joined SSS, we took the opportunity to refresh their phishing awareness. Some of the feedback that we received afterwards, that are also reflected by our customers, was that it was easy to follow, it did not take a lot of their time and that the training was really useful. People were even discussing the training in the kitchen over lunch and what they now do when looking at a potential phish. But don't just take our word for it – read the independent review on ITWire by David M Williams who wrote about his experience with the Phriendly Phishing training solution here. He was impressed that his risk went from 18% to 0% by the end of the training with very positive feedback from his users.